1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Experimental SPF support.
6 Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004 - 2014
8 Copyright (c) The Exim Maintainers 2015 - 2018
11 /* Code for calling spf checks via libspf-alt. Called from acl.c. */
16 /* must be kept in numeric order */
17 static spf_result_id spf_result_id_list
[] = {
25 { US
"temperror", 6 }, /* RFC 4408 defined */
26 { US
"permerror", 7 } /* RFC 4408 defined */
29 SPF_server_t
*spf_server
= NULL
;
30 SPF_request_t
*spf_request
= NULL
;
31 SPF_response_t
*spf_response
= NULL
;
32 SPF_response_t
*spf_response_2mx
= NULL
;
35 /* spf_init sets up a context that can be re-used for several
36 messages on the same SMTP connection (that come from the
37 same host with the same HELO string)
39 Return: Boolean success */
42 spf_init(uschar
*spf_helo_domain
, uschar
*spf_remote_addr
)
44 spf_server
= SPF_server_new(SPF_DNS_CACHE
, 0);
48 DEBUG(D_receive
) debug_printf("spf: SPF_server_new() failed.\n");
52 if (SPF_server_set_rec_dom(spf_server
, CS primary_hostname
))
54 DEBUG(D_receive
) debug_printf("spf: SPF_server_set_rec_dom(\"%s\") failed.\n",
60 spf_request
= SPF_request_new(spf_server
);
62 if ( SPF_request_set_ipv4_str(spf_request
, CS spf_remote_addr
)
63 && SPF_request_set_ipv6_str(spf_request
, CS spf_remote_addr
)
67 debug_printf("spf: SPF_request_set_ipv4_str() and "
68 "SPF_request_set_ipv6_str() failed [%s]\n", spf_remote_addr
);
74 if (SPF_request_set_helo_dom(spf_request
, CS spf_helo_domain
))
76 DEBUG(D_receive
) debug_printf("spf: SPF_set_helo_dom(\"%s\") failed.\n",
87 /* spf_process adds the envelope sender address to the existing
88 context (if any), retrieves the result, sets up expansion
89 strings and evaluates the condition outcome.
94 spf_process(const uschar
**listptr
, uschar
*spf_envelope_sender
, int action
)
97 const uschar
*list
= *listptr
;
98 uschar
*spf_result_id
;
99 int rc
= SPF_RESULT_PERMERROR
;
101 if (!(spf_server
&& spf_request
))
102 /* no global context, assume temp error and skip to evaluation */
103 rc
= SPF_RESULT_PERMERROR
;
105 else if (SPF_request_set_env_from(spf_request
, CS spf_envelope_sender
))
106 /* Invalid sender address. This should be a real rare occurrence */
107 rc
= SPF_RESULT_PERMERROR
;
112 if (action
== SPF_PROCESS_FALLBACK
)
114 SPF_request_query_fallback(spf_request
, &spf_response
, CS spf_guess
);
115 spf_result_guessed
= TRUE
;
118 SPF_request_query_mailfrom(spf_request
, &spf_response
);
120 /* set up expansion items */
121 spf_header_comment
= US
SPF_response_get_header_comment(spf_response
);
122 spf_received
= US
SPF_response_get_received_spf(spf_response
);
123 spf_result
= US
SPF_strresult(SPF_response_result(spf_response
));
124 spf_smtp_comment
= US
SPF_response_get_smtp_comment(spf_response
);
126 rc
= SPF_response_result(spf_response
);
129 /* We got a result. Now see if we should return OK or FAIL for it */
130 DEBUG(D_acl
) debug_printf("SPF result is %s (%d)\n", SPF_strresult(rc
), rc
);
132 if (action
== SPF_PROCESS_GUESS
&& (!strcmp (SPF_strresult(rc
), "none")))
133 return spf_process(listptr
, spf_envelope_sender
, SPF_PROCESS_FALLBACK
);
135 while ((spf_result_id
= string_nextinlist(&list
, &sep
, NULL
, 0)))
139 if ((negate
= spf_result_id
[0] == '!'))
142 result
= Ustrcmp(spf_result_id
, spf_result_id_list
[rc
].name
) == 0;
143 if (negate
!= result
) return OK
;
153 authres_spf(gstring
* g
)
156 if (!spf_result
) return g
;
158 g
= string_append(g
, 2, US
";\n\tspf=", spf_result
);
159 if (spf_result_guessed
)
160 g
= string_cat(g
, US
" (best guess record for domain)");
162 s
= expand_string(US
"$sender_address_domain");
164 ? string_append(g
, 2, US
" smtp.mailfrom=", s
)
165 : string_cat(g
, US
" smtp.mailfrom=<>");